The present invention relates to an encrypting keypad module. In particular, the present invention relates to an encrypting PIN pad (EPP) module for use with a retail point of sale (PoS) terminal or a self-service terminal (SST) such as an automated teller machine (ATM). The invention also relates to a terminal including such an encrypting keypad module.
ATMs require high electronic security because sensitive information, such as a user's personal identification number (PIN), is entered by a user at the ATM. The entered information is conveyed within the ATM and also outside the ATM to an authorization center that authorizes a requested transaction.
To ensure that the user's PIN is not divulged by the ATM after it has been entered by the user, a tamper-resistant integral unit is provided having a keypad and an encryption unit. The integral unit is referred to as an encrypting PIN pad (EPP) module.
Once a user has entered his/her PIN, the EPP encrypts the entered digits before they leave the EPP. This ensures that a user's PIN is never conveyed (either within or outside the ATM) as plaintext.
The EPP includes an encryption unit having a random number generator, a cryptographic processor, a non-volatile memory for storing a unique master encryption key and an encryption algorithm, and a volatile memory for storing customer-specific encryption keys, such as a key exchange key and a PIN key.
Typically, when an EPP is manufactured, the unique master key is generated by the cryptographic processor within the EPP and stored in the non-volatile memory (which may be EEPROM or battery-backed RAM). The encryption algorithm to be used by the module is also loaded into the non-volatile memory during manufacture of the EPP. The algorithm may be, for example, the data encryption standard (DES).
If the EPP is tampered with, for example by a third party attempting to gain access to it, then the EPP deletes the master key stored in the non-volatile memory, and any other keys stored in the volatile memory.
When a user enters his/her PIN at an ATM, the EPP uses its PIN key and the stored encryption algorithm (such as DES) to encrypt the entered digits using a standard protocol. The result of this encryption on the entered digits is generally referred to as a PIN block.
A protocol (also referred to as a framework) indicates how a cryptographic processor is to operate on data, how the processor is to use encryption keys, what type of algorithm is to be used for encryption, and so on.
A number of different protocols exist. Some of these are described in international standards, such as: ANSI standard X9.8 “PIN management and security”, ANSI X9.9 “Financial institution message authentication”, ANSI X9.17 “Financial institution key management”, and the Australian standard for electronic funds transfer AS 2805.
The PIN block is then transmitted from the EPP to an ATM controller, which transmits the PIN block (together with the requested transaction, and typically a sequence number and a date/time stamp) to an authorization center. The authorization center decrypts the encrypted PIN block to verify the claimed identity of the user, and authorizes a requested transaction if sufficient funds are present.
One problem associated with current EPPs is that it is difficult to change the protocol used by the EPP. Another problem is that it is difficult to derive new keys for current EPPs. There are a number of reasons for these problems. To upgrade the EPP protocol and to derive new keys, a complex application programming interface (API) must be used. In addition, the ATM application program is constrained so that only certain functions can be performed relating to deriving new keys and upgrading protocols. Furthermore, the architecture of an EPP is typically vendor-specific, so an ATM application program may have to be changed if a new type of EPP is used in the ATM.
Thus, when a new key is to be derived, or when a new protocol is to be implemented, on a network of ATMs having different types of EPPs (that is, EPPs from different vendors), then each type of EPP requires different instructions. This makes upgrading the ATM network a time-consuming, complex, and expensive task. However, to ensure high levels of data security, EPPs in ATM networks have to be upgraded frequently.